From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,LOTS_OF_MONEY
	autolearn=ham autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,6482d0ae6dcb1b4c
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-10-20 19:17:31 PST
Path: 
 archiver1.google.com!news1.google.com!newsfeed.stanford.edu!logbridge.uoregon.edu!arclight.uoregon.edu!wn14feed!wn12feed!worldnet.att.net!bgtnsc05-news.ops.worldnet.att.net.POSTED!not-for-mail
From: "David Thompson" <david.thompson1@worldnet.att.net>
Newsgroups: comp.lang.ada
References: <mailman.1032687678.1150.comp.lang.ada@ada.eu.org>
 <dale-93E17F.21255422092002@mec2.bigpond.net.au>
 <x7vd6r6rskf.fsf@pushface.org>
 <dale-E40317.08192523092002@mec2.bigpond.net.au>
 <x7vy99twam9.fsf@pushface.org> <mv2OjUUhp2Hh@eisner.encompasserve.org>
 <3d9245da.259420486@news.cis.dfn.de> <3D933A6B.5000105@cogeco.ca>
 <wccadm41jqs.fsf@shell01.TheWorld.com>
 <8db3d6c8.0209270247.5bf07ae5@posting.google.com>
 <3D94D418.5010604@attbi.com>
 <g99o9.6469$k_2.489840@bgtnsc05-news.ops.worldnet.att.net>
 <9WZ5dN1lmUZv@eisner.encompasserve.org>
Subject: Re: if file exist
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Message-ID: <%sJs9.19905$1P1.1202599@bgtnsc05-news.ops.worldnet.att.net>
Date: Mon, 21 Oct 2002 02:17:31 GMT
NNTP-Posting-Host: 12.89.138.142
X-Complaints-To: abuse@worldnet.att.net
X-Trace: bgtnsc05-news.ops.worldnet.att.net 1035166651 12.89.138.142 (Mon,
 21 Oct 2002 02:17:31 GMT)
NNTP-Posting-Date: Mon, 21 Oct 2002 02:17:31 GMT
Organization: AT&T Worldnet
Xref: archiver1.google.com comp.lang.ada:29968
Date: 2002-10-21T02:17:31+00:00
List-Id: <comp.lang.ada>

Larry Kilgallen <Kilgallen@SpamCop.net> wrote :
> In article <g99o9.6469$k_2.489840@bgtnsc05-news.ops.worldnet.att.net>, "David
Thompson" <david.thompson1@worldnet.att.net> writes:
> > Mark Biggar <mark.a.biggar@attbi.com> wrote :
...
> >> No, from a computer security point of view, this is exactly what is
> >> wanted.  A user should see absolutely no difference between "file does
> >> not exist" and "you don't have permission to see the file".  Otherwise,
> >> you have introduced a covert information channel.
> >>
> > First this only matters if you want/need nondiscretionary controls.
>
> Non-discretionary controls, known as MAC for Mandatory Access Controls,
> are when the direct data owner (e.g., file owner) does not have full
> rights to control protection, for instance no right to disclose.
>
Yes, and not just the owner, but also other users who are authorized
to read and/or write, if any.

> The inability to tell whether an inaccessible file exists is _NOT_
> restricted to MAC situations.  Under DAC (Dicretionary Access Controls)
> the data owner may very well wish to restrict knowledge of file existence.
> Whether the desire for non-disclosure comes from the data owner or some
> higher authority has nothing to do with what characteristics are required
> in order to avoid disclosing the presence of a file.

But only MAC really needs to be concerned about covert channels,
since a DAC-authorized user is permitted to use open channels.
AFAICT it is rare(r?) in DAC situations to care about disclosing
existence, only contents, but if it is, it is common (and I am
assuming possible) to put the file in a directory which is restricted
against unauthorized probing for member's names and existence.

--
- David.Thompson 1 now at worldnet.att.net